[wp-hackers] Wordpress Event Viewer Plugin

Brian Layman Brian at TheCodeCave.com
Tue Apr 3 14:53:19 GMT 2007


> For instance, IPB, VBulletin, MyTopix, MyBB - I trust these, because it
> encrypts the password in the DB.

VBulletin was the app that was emailing the passwords around in plain text.
It just takes a changed/inserted line of code before the encryption method
is called...  :)

I have a hybrid approach right now that uses a throwaway u/p combo at sites
that I do not trust.  At sites I do trust I use a unique u/p combo for that
site, but there is a method to what I create and someone could break that if
they cared to.  Still, those are all sites that anyone could get a free u/p
anyway.  So it doesn't matter. For sites that I have raised access on, I
raise that bar.  And I also have several core extra strong passwords for
sites that I admin or sites that have financial repercussions.  And those I
change periodically.

Of course email passwords are never mixed in with any of those because that
would allow the "Reset password" features to defeat any of those passwords.

A bit overkill? Maybe, but the more the everyday person gets into PHP, the
more paranoid I get.  The web was much safer back in the early 90s when just
geeks were on it.  We at least followed a code in what we did and did not
do.  Just as most folks on this list do now.  Most all of us know ways to do
damage to others' sites, but don't do them.

_______________________________________________
Brian Layman
http://www.TheCodeCave.com


